CVE-2025-71286 - Vulnerability Details

- ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls

The size of the data behind of scontrol->ipc_control_data for bytes
controls is:
[1] sizeof(struct sof_ipc4_control_data) + // kernel only struct
[2] sizeof(struct sof_abi_hdr)) + payload

The max_size specifies the size of [2] and it is coming from topology.

Change the function to take this into account and allocate adequate amount
of memory behind scontrol->ipc_control_data.

With the change we will allocate [1] amount more memory to be able to hold
the full size of data.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel, a mismatch in the calculated allocation size for bytes controls in the SOF IPC4 topology leads to an incorrectly sized buffer behind scontrol->ipc_control_data. The kernel allocates smaller memory than required, causing potential memory corruption when control data larger than the allocated space is processed. The crash or corruption would affect kernel memory integrity, but the exact security consequences are not explicitly documented in the CVE description. Based on the description, it is inferred that a malicious actor might exploit this misallocation to corrupt kernel memory, potentially affecting system stability or security. However, exploitation for privilege escalation or remote code execution is not directly supported by the provided text.

Affected Systems

The vulnerability affects the Linux kernel, specifically the SOF IPC4 topology functionality. No specific kernel versions are listed, so all kernels that include this code path may be impacted until a patch is applied.

Risk and Exploitability

The CVSS score is 5.5, and the EPSS score is < 1 %, indicating a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. While heap‑based buffer overflows in kernel space can be serious, the lack of a public exploit and the low EPSS suggest the risk remains moderate. The attack vector would require the ability to provide control data to the affected IPC path, which is typically privileged or device‑specific.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`a382082ff74b036944cbc5b6ad29b65f633acd3a`	affected	< 59fe643f21b9d59bcbedb0dfbf988ee455c23736
`a382082ff74b036944cbc5b6ad29b65f633acd3a`	affected	< 491956b45b5f4933632ea6d8a8bdfdf045ab81e1
`a382082ff74b036944cbc5b6ad29b65f633acd3a`	affected	< a704a1a4394b5877b9adc31b2c3165ad0b541896
`a382082ff74b036944cbc5b6ad29b65f633acd3a`	affected	< 1237cd9ff198cb882402572f29569e5247190974
`a382082ff74b036944cbc5b6ad29b65f633acd3a`	affected	< a653820700b81c9e6f05ac23b7969ecec1a18e85

Linux

affected

Version	Status	Constraints
`6.4`	affected	—
`0`	unaffected	< 6.4
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[a382082ff74b036944cbc5b6ad29b65f633acd3a,59fe643f21b9d59bcbedb0dfbf988ee455c23736)`	affected	code_commit	—
`[a382082ff74b036944cbc5b6ad29b65f633acd3a,491956b45b5f4933632ea6d8a8bdfdf045ab81e1)`	affected	code_commit	—
`[a382082ff74b036944cbc5b6ad29b65f633acd3a,a704a1a4394b5877b9adc31b2c3165ad0b541896)`	affected	code_commit	—
`[a382082ff74b036944cbc5b6ad29b65f633acd3a,1237cd9ff198cb882402572f29569e5247190974)`	affected	code_commit	—
`[a382082ff74b036944cbc5b6ad29b65f633acd3a,a653820700b81c9e6f05ac23b7969ecec1a18e85)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.4`	affected	generic	—
`[0,6.4)`	unaffected	generic	—
`[6.6.128,7.0.0]`	unaffected	semver	—
`[6.12.75,7.0.0]`	unaffected	semver	—
`[6.18.16,7.0.0]`	unaffected	semver	—
`[6.19.6,7.0.0]`	unaffected	semver	—
`[0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the SOF IPC4 topology allocation size fix.
Ensure that any user‑space applications or drivers that interact with SOF IPC controls are updated to use the patched kernel logic.
If a kernel update cannot be applied immediately, consider disabling the affected IPC topology paths or restricting access to the controls; no official temporary workaround is documented.

Generated by OpenCVE AI on May 13, 2026 at 00:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1237cd9ff198cb882402572f29569e5247190974
https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1
https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfbf988ee455c23736
https://git.kernel.org/stable/c/a653820700b81c9e6f05ac23b7969ecec1a18e85
https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2c3165ad0b541896
https://lore.kernel.org/linux-cve-announce/2026050630-CVE-2025-71286-9591@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71286
https://www.cve.org/CVERecord?id=CVE-2025-71286

History

Tue, 12 May 2026 23:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-122 CWE-125

Tue, 12 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-131
References		https://lore.kernel.org/linux-cve-announce/2026050630-CVE-2025-71286-9591@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71286 https://www.cve.org/CVERecord?id=CVE-2025-71286
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-122 CWE-125

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] sizeof(struct sof_abi_hdr)) + payload The max_size specifies the size of [2] and it is coming from topology. Change the function to take this into account and allocate adequate amount of memory behind scontrol->ipc_control_data. With the change we will allocate [1] amount more memory to be able to hold the full size of data.
Title		ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1237cd9ff198cb882402572f29569e5247190974 https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1 https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfbf988ee455c23736 https://git.kernel.org/stable/c/a653820700b81c9e6f05ac23b7969ecec1a18e85 https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2c3165ad0b541896

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:32:19.468Z

Updated: 2026-05-11T21:57:15.841Z

Reserved: 2026-05-06T11:31:45.509Z

Link: CVE-2025-71286

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:27.737

Modified: 2026-05-12T21:24:55.000

Link: CVE-2025-71286

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2025-71286 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T01:00:23Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object